1395 5E65 0C7A 5CEF 0373 F6E2 8982 15F5 6081 EBEB

Infosec bits for 2024 week 20

Maajied Moos | May 17, 2024, 2:35 p.m.

Cybersecurity News:

  • Cybersecurity in a Race to Unmask a New Wave of AI-Borne Deepfakes [https://www.darkreading.com/threat-intelligence/cybersecurity-in-a-race-to-unmask-a-new-wave-of-ai-borne-deepfakes, Dark Reading]
  • Why Tokens Are Like Gold for Opportunistic Threat Actors [John A. Smith, Dark Reading]
  • Log4Shell shows no sign of fading, spotted in 30% of CVE exploits [Help Net Security, Help Net Security]
  • Vulnerabilities & Patches:

  • Google fixes fifth Chrome zero-day exploited in attacks this year [Bill Toulas, Bleeping Computer]
  • CISA Adds One Known Exploited Vulnerability to Catalog [CISA, CISA]
  • Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS [Ryan Naraine, Security Week]
  • Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws [Lawrence Abrams, Bleeping Computer]
  • New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation [Newsroom, The Hacker News]
  • Adobe Patches Critical Flaws in Reader, Acrobat [Ryan Naraine, Security Week]
  • Flaw in Wi-Fi Standard Can Enable SSID Confusion Attacks [Jai Vijayan, Dark Reading]
  • Securing Git: Addressing 5 new vulnerabilities [Johannes SchindelinJohannes Schindelin, Git Hub]
  • Malware

  • As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide [Pierluigi Paganini, Security Affairs]
  • FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT [Newsroom, The Hacker News]
  • Malicious Go Binary Delivered via Steganography in PyPI [Phylum Research Team, Phylum]
  • ‘Got that boomer!’: How cybercriminals steal one-time passcodes for SIM swap attacks and raiding bank accounts [Zack Whittaker, Tech Crunch]